Comments (4)
Hi @jderusse, thanks for opening an issue.
The root certificate is not intended to be included in the chain. Only the end entity certificate and any of the intermediate certificates required to build a path from the end entity cert to a root already present on the client systems should be in the chain.
Are you not seeing the correct intermediates included?
from pebble.
Hello @cpu, thank for your reply.
The current chain certificate is well formatted with intermediate includes, my point concerns only the Root certificate. (Notice that letsencrypt version 1 provides this root certificate)
This Root certificates is required by AWS when installing certificates on ELB (see https://aws.amazon.com/premiumsupport/knowledge-center/load-balancer-certificate/?nc1=f_ls)
If it's not possible for pebble to include this root certificate in the chain? I guess, that regarding your response, it's not possible :-)
If not, what is the best way to fetch it? Does pebble (and boulder) expose and endpoint?
from pebble.
Hmm, I just tried to upload the chain certificate to AWS (without the root certificate) and it works...
I'm not sure what AWS means by The certificate chain starts with the certificate that was generated by your CA and ends with your CA's root certificate
but it look like the root certificate itself is not required.
Closing this issue, thank you @cpu for your support
from pebble.
I think the reason for this behavior was that the intermediate certificate was self-signed (which was fixed in #148). I've created a new issue for the question how to obtain the root certificate.
from pebble.
Related Issues (20)
- pebble-challtestsrv: allow defaultIPv4 to be a hostname HOT 1
- Golang, apk and zlib versions are outdated HOT 2
- Allow to force auth challenge HOT 1
- Implement the "dns-account-01" Challenge in Pebble HOT 9
- Full http logging HOT 1
- fix appveyor CI
- Support must-staple extension HOT 1
- Fix `golangci-lint` HOT 3
- Regression time limit exceeded / TimeoutError HOT 5
- Request for a new release HOT 6
- v2.5.0 docker push failed HOT 9
- ci: AppVeyor is broken HOT 1
- Remove DockerHub images of pebble and pebble-challtestsrv HOT 4
- Cannot set DNS server in Docker image HOT 10
- Docker: Use hostname instead of IP addresses HOT 7
- New Certificates aren't getting Ready HOT 2
- EAB with pebble 2.5.x HOT 12
- Pebble fails to start with externalAccountBinding test config
- The request specified an account that does not exist, [certbot and pebble] HOT 2
- The key authorization file from the server did not match this challenge HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pebble.